Observations & Conclusions From 2017

It was assumed that this was most likely due to the computer/software configuration on which Guccifer 2.0 had created an initial pre-tainted template document (with Russian "fingerprints") which was then saved and duplicated several times with each copy having different body content pasted in (to produce a series of tainted documents).

From this, I inferred that it was plausible for the documents to have come from Biden's office due to Flood being Biden's former IT Director.

The latest evidence found by Forensicator, however, discredits that premise and it also gives us a more compelling explanation for the observations that were made.

Flood's Name Found On Legitimate Podesta Attachments

As some of you may know, G2's first five documents were all constructed to have content in them that we would later learn came from atachments to Podesta's emails.

What most of us didn't know until now though, was that Warren Flood's name appears on some of Podesta's attachments, in fact, it looks like the title and other meta data came from one of the two legitimate documents attributed to Flood.

What appears to have happened is that one of Flood's two "Slate - Domestic.." documents linked to above was opened up, the watermark was changed from "CONFIDENTIAL DRAFT" to "CONFIDENTIAL" and the date segment of the footer was removed.

Here's a screenshot of one of those Flood-authored original documents:

Conclusion

From Forensicator's initial observations, It now appears that the watermark, the footer and Flood's details in the metadata likely came from one of the two Flood-authored Podesta email attachments and that the contents of the Trump Opposition Research file were then copied into it.

This considerably reduces the likelihood of the premise that G2 created his documents on a computer previously owned by Flood and pretty much serves to vindicate Biden's West Wing Office, etc. too.

The files, the data within them and associations/correlations/etc are being analyzed further, we will hopefully know in the next day or two which of Flood's documents was actually used initially.

Forensicator's discovery has slightly lowered my confidence in the interim attribution that I've made but it hasn't changed that attribution, I still see CrowdStrike executives as the most probable operators of the G2 persona (due to all the other evidence considered in aggregate).

That's the new discoveries very briefly covered for now but as mentioned at the start of this article - a more detailed report (as well as a few article updates where needed) will be coming out through the remainder of the week.